10-20-2011 11:40 AM - edited 03-04-2019 02:00 PM
First off some info - I have a 1921 Router with Sec License running 15.1. Just for testing purposes, I have set it up as a simple single VLAN network 192.168.10.0 (/24).
I'm having a major issue with trying to reach something inside the network using its external IP while I'm connected to that network. Let me explain, I have a device at 192.168.10.199 which has a web interface on port 80.
While inside the network I pull up a browser and point it to http://192.168.10.199:80 and I'm able to see the web interface - no problem. Ok, so I want to be able to access it while outside the network too, so I add the appropriate port forwarding rules:
ip nat inside source static tcp 192.168.10.199 80 interface GigabitEthernet0/1 80
ip nat inside source static udp 192.168.10.199 80 interface GigabitEthernet0/1 80
Ok so now when I'm outside the network if I pull up a web browser and type in http://(external ip address):80 I'm able to see the web interface as I should - no problem.
Here's the tricky part - when I'm inside that network and try to use http://(external ip address):80 - it doesn't work. I have to use the local IP address for it to work. For the life of me I can't figure out why this is happening. I've used some cheap end routers (Linksys and Netgears) that seem to have no problem with this. I have clients that use laptops that are sometimes on their local network and sometimes outside, and I'd like them to be able to use the same address to access this device.
Is this a bug? Or do I need to do something special for this to work as I want it to that I've totally missed? Any help would really be appreciated. Thank you.
10-20-2011 01:16 PM
Hi,
This feature is called hairpinning and is referenced in an RFC, but only PIX/ASA can do this, not Cisco routers.
I've always thought that NAT on a stick could solve the issue, but my reading today made me doubt it.
Hopefully a more expert person in this domain can tell if it is doable with some tricks.
Regards.
Alain.
10-20-2011 02:23 PM
Hi,
I stumbled upon this link where someone posted a solution which seems to work.
http://www.2bccie.com/2010/02/28/hairpin-nat-on-a-cisco-ios-router.html
Alain.
10-21-2011 09:47 PM
cadet alain,
I appreciate the replies, I didn't know this was such a big deal. I've used Linksys (now Cisco Small Business) RV042 routers with other clients and they are able to do this without any programming. It just seems really strange that a $150 Linksys/Cisco SB router can do this yet a $1000 Cisco ISR Router can't.
I'd like to be able to do this without having to mess with DNS entries or having multiple NIC cards on the host machine (which is what the link you posted suggested). Surely I can't be the only person who has tried to do this with a Cisco ISR Router. Personally I find the ISR Routers to be much more capable than PIX/ASAs, which is why I like using them. There has to be some way to do this with policy based routing, right? Has anyone ever been able to do this or know how?